This project contains the playbooks to provision my home servers.
They create a Kubernetes cluster on self-hosted bare-metal hosts and deploy the applications.
It also contains a Vagrant environment to test the playbooks and services.
Leaving aside personal bias about hosting in the cloud, I run two types of services that are not a good fit for cloud providers:
- Home automation:
  - I need access to physical devices (USB sticks)
  - I don't want to lose access to my automations if my internet connection goes down
- Media streaming:
  - The cost would be too high (storage plus CPU for transcoding)
Going the self-hosted route has a few consequences for the infrastructure.
The underlying hardware is detailed on a dedicated page, but in short:
Host | Cores/Threads | CPU Model | RAM | Storage |
---|---|---|---|---|
master-1 | 8/16 | AMD Ryzen 7 5700G | 32G | SSD 1T |
master-2 | 8/16 | AMD Ryzen 7 5700G | 32G | SSD 1T |
master-3 | 8/16 | AMD Ryzen 7 5700G | 32G | SSD 1T |
node-3 | 6P+8E/20 | Intel Core i5 14500 | 64G | SSD 2T |
node-home | 4/4 | Intel Atom x5 Z8350 | 2G | Flash 32G |
More information is available on the dedicated page.
Spoiler: it's not really HA.
To test this cluster, take a look at the Vagrant page.
The following services are deployed:
Service | Description |
---|---|
OpenLDAP | Open source Lightweight Directory Access Protocol server |
LemonDAP | Web single sign-on and access management free software |
phpLDAPadmin | Web-based LDAP browser |
Gitea | Painless self-hosted Git service |
MinIO | S3-compatible object store |
Argo Events | Event-driven workflow automation framework for Kubernetes |
Argo Workflows | Kubernetes-native workflow engine |
ArgoCD | Declarative GitOps continuous delivery tool for Kubernetes |
CrowdSec | Collaborative malicious activity detection and remediation tool |
ZoneMTA | Modern outbound SMTP relay |
MailHog | Email testing tool for developers |
Blocky | DNS proxy and ad-blocker for the local network |
Ntfy | Send push notifications to your phone or desktop via PUT/POST |
Prometheus | Monitoring solution |
AlertManager | Alert manager for Prometheus |
Grafana | Platform for analytics and monitoring dashboards |
Loki | Log aggregation system |
Promtail | Log shipper |
Fluent Bit | Lightweight log processor and forwarder |
FluentD | Log processor and forwarder |
OpenSearch | Distributed, RESTful search and analytics engine |
OpenSearch Dashboard | Visualize your OpenSearch/Elasticsearch data |
Unifi Controller | Controller for Unifi devices |
HomeAssistant | Home automation |
ESPHome | System to control your ESP8266/ESP32 devices |
Z-Wave JS UI | Fully configurable Z-Wave gateway and control panel |
Frigate | Local NVR designed for Home Assistant with AI object detection |
Node-RED | Flow-based programming for the IoT |
Mosquitto | MQTT broker |
RoomAssistant | Presence tracking |
Homepage | A highly customizable homepage with service API integrations |
Miniflux | Minimalist and opinionated feed reader |
Reminiflux | Alternative web frontend for Miniflux |
Nextcloud | The self-hosted productivity platform that keeps you in control |
PaperlessNGX | Scan and OCR documents |
OliveTin | Access to predefined shell commands from a web interface |
Syncthing | Continuous file synchronization |
Jellyfin | Video streaming |
Airsonic | Music streaming |
Sickchill | Automatic video library manager for TV shows |
Deluge | Torrent client |
pyload | HTTP download manager |
SABnzbd | Binary newsreader |
Ansible is used to deploy the infrastructure.
Once everything is configured, applications are deployed automatically using the Argo suite.
DevOps tools are deployed in the cluster. See the dedicated DevOps documentation for more details.
Several tools handle backing the cluster up. Mainly, restic backs up critical data (host, app, NAS), and then Rclone copies the restic repositories off site (to a second NAS and to GCS).
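The backup chain described above (restic snapshots of critical data, then an Rclone copy of the repository to a second NAS and to GCS), written as an added Ansible playbook. It is an illustration, not the project's own playbook: the `backup_host` inventory group, the repository path, the password file location, the backed-up paths, the retention counts and the two Rclone remote names (`nas2`, `gcs`) are all assumptions.

```yaml
# Added example, not the project's own playbook. Every path, remote name and
# retention value below is an assumption chosen for illustration.
- name: Back up critical data with restic and mirror the repository off site
  hosts: backup_host                              # assumed inventory group
  become: true
  vars:
    restic_repo: /srv/backups/restic              # assumed local repository
    restic_password_file: /root/.restic-password  # assumed; keep mode 0600
    backup_paths:                                 # assumed "critical data"
      - /etc
      - /srv/apps
      - /mnt/nas/documents
    offsite_remotes:                              # assumed rclone remotes
      - nas2:backups/restic                       # second NAS
      - gcs:homelab-restic-repo                   # GCS bucket
  environment:
    # restic reads the repository and password from these variables, so no
    # secret ends up on a command line or in the Ansible log.
    RESTIC_REPOSITORY: "{{ restic_repo }}"
    RESTIC_PASSWORD_FILE: "{{ restic_password_file }}"
  tasks:
    - name: Initialise the repository if it does not exist yet
      ansible.builtin.command: restic init
      args:
        creates: "{{ restic_repo }}/config"   # restic writes this on init

    - name: Create a snapshot of the critical paths
      ansible.builtin.command: >
        restic backup --tag ansible --exclude-caches
        {{ backup_paths | join(' ') }}
      register: backup_result
      changed_when: "'snapshot' in backup_result.stdout"

    - name: Apply the retention policy and prune unreferenced data
      ansible.builtin.command: >
        restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6
      changed_when: true

    - name: Verify the repository before copying it off site
      ansible.builtin.command: restic check
      changed_when: false

    - name: Mirror the repository to each off-site remote
      ansible.builtin.command: >
        rclone sync --checksum {{ restic_repo }} {{ item }}
      loop: "{{ offsite_remotes }}"
      changed_when: true
```

`restic check` runs before the copy so that a corrupted local repository is never mirrored over a good off-site one. `rclone sync` keeps the remote identical to the local repository, which also means that anything deleted locally (by `forget --prune`, or by an attacker who has taken over the host) is deleted off site on the next run; protecting the GCS bucket with object versioning or a retention policy, and giving the host credentials that cannot delete versions, keeps the off-site copy usable as a last resort.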